DETAILED ACTION

1. Claims 1-96 are pending in the application. 

2. Claims 1, 4-13, 15, 17, 20, 22-33, 35-40, 42-58, 60-65, 67-76, 78-80, 82, 84, 85, 87, 
88, 90, 92, 93, 95 and 96 have been rejected. 

3. Claims 18, 41, 59, 66, 77, 81, 83, 86, 89, 91 and 94 have been objected to.

4. Claims 2, 3, 14, 16, 19, 21 and 34 have been cancelled. 

Response to Arguments 

5. Applicant's arguments with respect to claims 1-96 have been considered but are moot 
in view of the new ground(s) of rejection. 

Claim Rejections - 35 USC §102 
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public 
use or on sale in this country, more than one year prior to the date of application for patent in the United 
States. 

6. Claims 1, 4-7, 11, 13, 17, 20, 71-75, 82 and 88 are rejected under 35 U.S.C. 102(b) 
as being anticipated by Krajewski, Jr. et al U.S. Patent No. 5,590,199 (hereinafter 
Krajewski). 

As to claim 1, Krajewski discloses a method for establishing a secure 
communication channel between a client and an application server comprising the steps 
of: 

(a) receiving, at a web server, a request from a client to have an 
application program executed on an application server and to have output from 
the application program executing on the application server transmitted to the
client; 

(b) generating by a ticket service, a ticket having an identifier and a 
session key;

(c) obtaining, by the web server, the ticket from the ticket service; 

(d) transmitting, by the web server, the ticket to the client over a secure 
communication channel; 

(e) transmitting, by the client, the identifier from the ticket to the
application server; 

(f) obtaining, by the application server, a copy of the session key from
the ticket service using the identifier; 

(g) establishing an application communication channel between the client 
and the application server; 

(h) executing, by the application server, the application program identified 
in the request; 

(i) transmitting, by the application server, output of the application 
program over the application communication channel via a remote display 
protocol; and 

(j) encrypting the output communicated to the client over the application 
communication channel using the session key [column 8, lines 1-49].

As to claims 4 and 72, Krajewski discloses that the ticket service resides on the
web server [column 5, lines 14-24].

As to claims 5 and 73, Krajewski discloses transmitting, by the application server,
the identifier to the web server over a server communication channel [column 5 line 64 to 
column 6 line 36]. 

As to claim 6, Krajewski discloses receiving, by the application server, a response 
to transmitting the identifier to the web server, the response including the session key 
[column 6, lines 11-36]. 

As to claim 7, Krajewski discloses validating, by the web server, the identifier 
[column 6, lines 11-36]. 

As to claim 11, Krajewski discloses establishing the server communication 
channel as a secure communication channel [column 5, lines 47-54]. 

As to claim 13, Krajewski discloses a method for establishing a secure 
communication channel between a client and an application server comprising the steps 
of: 

(a) receiving a request from a web server to execute an application
program on behalf of a client and transmit to the client output from the application
program executing on the application server;

(b) receiving an identifier from the client;

(c) obtaining from the web server a copy of a session key associated with
the identifier;

(d) establishing an application communication channel with the client; 

(e) executing the application program identified in the request; 

(f) transmitting output of the executing application program over the
application communication channel via a remote display protocol; and

(g) encrypting the output using the session key [column 8, lines 1-49].

As to claims 17 and 71, Krajewski discloses that the ticket is generated by a ticket 
service, as discussed above. 

As to claim 20, Krajewski discloses that step (b) further comprises receiving a 
password from the client [column 5 line 64 to column 6 line 9]. 

As to claim 82, Krajewski discloses that step (j) further comprises decrypting 
communications from the application server using the session key [column 6, lines 32- 
36]. 

As to claim 74, Krajewski discloses that the application server receives a response 
to transmitting the identifier to the web server, the response including the session key 
[column 6, lines 36-67]. 

As to claim 75, Krajewski discloses that the web server validates the identifier 
[column 6, lines 36-67]. 

As to claim 88, Krajewski discloses that step (g) further comprises decrypting
communications from the client [column 6, lines 36-67]. 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

7. Claims 8 and 76 are rejected under 35 U.S.C. 103(a) as being unpatentable over
Krajewski, Jr. et al U.S. Patent No. 5,590,199 as applied to claims 1 and 13 above, 
and further in view of Johnson et al U.S. Patent No. 5,560,008.

As to claims 8 and 76, Krajewski does not teach confirming by the web server
that the identifier is received by the web server within a certain time frame relative to a
time that the identifier is transmitted by the web server to the client.

Johnson et al teaches confirming by a server that an identifier is received by the 
web server within a certain time frame relative to a time that the identifier is transmitted
by a web server to a client [column 10 line 62 to column 11 line 29].

Therefore, it would have been obvious to a person having ordinary skill in the art 
at the time the invention was made to have modified Krajewski so that the web server 
confirmed that the identifier was received by the web server within a certain time
frame relative to a time that the identifier was transmitted by the web server to the client.

It would have been obvious to a person having ordinary skill in the art at the time 
the invention was made to have modified Krajewski by the teaching of Johnson et al 
because the server is not required to store the user information longer than needed or 
desired by the server. This provides for the cases in which the authentication for a user 
is good for a specified length of time, such as a certain number of minutes or hours or 
days. After this predetermined period of time, the server discards the credentials 
structure, and will no longer honor a request containing that credentials identifier. This 
forces the user machine to perform a new request for service, thereby inherently 
enforcing a periodic authentication of remote users in order to ensure that there has not 
been a masquerading of users [column 6, lines 38-49]. 

8. Claims 9, 10, 78 and 79 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Krajewski, Jr. et al U.S. Patent No. 5,590,199 as applied to claims 1 and 13 
above, and further in view of Davis U.S. Patent No. 5,818,939.

As to claims 9 and 10, Krajewski does not teach that the session key is
substantially equivalent to a null value. Krajewski does not teach that the null value is a 
constant value. 

Davis teaches session keys that are equivalent to a null value. Davis teaches that 
the null value is a constant value [column 4 line 57 to column 5 line 12]. 

Therefore, it would have been obvious to a person having ordinary skill in the art 
at the time the invention was made to have modified Krajewski so that the session keys 
had a null value and the null value was constant. 

It would have been obvious to a person having ordinary skill in the art at the time 
the invention was made to have modified Krajewski by the teaching of Davis because the 
examiner asserts by assigning this value to the session key this enables the client and 
server to know if the session key is still valid for communication. 

9. Claims 12, 22-27, 29-33, 35-40, 46-50, 52-57, 64, 65, 68, 85, 87, 93 and 96 are 
rejected under 35 U.S.C. 103(a) as being unpatentable over Krajewski, Jr. et al U.S. 
Patent No. 5,590,199 in view of Anderson et al U.S. Patent No. 6,108,787. 

As to claims 12, 22, 37, 46 and 87, Krajewski discloses a method for establishing 
a secure communication channel between a client and an application server comprising 
the steps of (a) transmitting, to a web server a request to have an application server 
execute an application program and transmit output from the application program 
executing on the application server; (b) establishing a secure web communication channel 
between a web browser executing on the client and the web server; (c) receiving a ticket 
having an identifier and a session key from the web server over the secure web 
communication channel; (d) establishing an application communication channel with the 
application server over the application communication channel; (e) transmitting the
identifier from the ticket to the application server over an application communication
channel to provide the application server with information for obtaining a copy of the
session key; 

(f) receiving output of the application program, identified in the request, from the 
application server over the application communication channel; and (g) decrypting the 
output using the session key, all as discussed above. 

Krajewski does not teach that the remote display protocol is the Remote Display 
Protocol. 

Anderson et al teaches a remote display protocol that is the Remote Display 
Protocol [column 14, lines 5-11]. 

Therefore, it would have been obvious to a person having ordinary skill in the art 
at the time the invention was made to have modified Krajewski so that the remote display 
protocol would have been the Remote Display Protocol. 

It would have been obvious to a person having ordinary skill in the art at the time 
the invention was made to have modified Krajewski by the teaching of Anderson et al 
because it allows a user in a more classified network to run an application on an 
information processing means (e.g. workstation) in the less classified network while
displaying the results of the session on the information processing means (e.g.
workstation) in the more classified network [column 14, lines 5-11].

As to claims 23, 47 and 65, Krajewski teaches that the ticket service resides on 
the web server, as discussed above.

As to claims 35, 40, 57 and 68, Krajewski teaches that the step (e) further
comprises transmitting a password to the application server [column 5 line 64 to column
6 line 9].

As to claim 24, Krajewski teaches the application server transmitting the identifier 
to the web server over a server communication channel, as discussed above. 

As to claims 25 and 48, Krajewski teaches the application server requesting a 
copy of the session key in response to receiving the identifier from the client [column 6, 
lines 37-67]. 

As to claims 26 and 49, Krajewski teaches the web server validating the identifier 
[column 6, lines 37-67]. 

As to claims 27 and 50, Krajewski teaches that the web server validates the 
identifier has not been previously received from the application server [column 6, lines 
37-67]. 

As to claim 29, Krajewski teaches the web server transmitting the session key to 
the application server over the server communication channel [column 6, lines 37-67]. 

As to claims 30 and 53, Krajewski teaches that the server communication channel 
is a secure communication channel, as discussed above. 

As to claims 31, 38 and 54, Krajewski teaches the web server transmitting 
additional information to the application server over the server communication channel 
[column 6, lines 37-67]. 

As to claims 32 and 55, Krajewski teaches that the additional information 
comprises login information of a user of the client [column 6, lines 37-67].

As to claims 33 and 56, Krajewski teaches that the additional information
comprises a name of a software application executing on the application server [column 
5, lines 14-24]. 

As to claim 36, Krajewski teaches that the ticket service transmitting information 
corresponding to at least one of the client and a user operating the client to the application 
server [column 6, lines 37-67]. 

As to claim 39, Krajewski teaches that the additional information further 
comprises an address of the application server [column 5, lines 14-24].

As to claim 52, Krajewski teaches that the web server transmits the session key to 
the application server over a server communication channel in response to receiving the 
identifier from the application server, as discussed above. 

As to claim 58, Krajewski teaches that the ticket service transmits information 
corresponding to at least one of the client and a user operating the client to the application 
server [column 6, lines 36-67]. 

As to claim 64, Krajewski teaches that the ticket is generated by a ticket service, 
as discussed above. 

As to claim 85, Krajewski teaches that the step (g) further comprises encrypting 
communications to the application server, as discussed above. 

As to claim 93, Krajewski teaches that the client encrypts communications to the 
application server using the session key, as discussed above. 

As to claim 96, Krajewski teaches that the application server decrypts 
communications from the client using the session key, as discussed above.

10. Claim 15 is rejected under 35 U.S.C. 103(a) as being unpatentable over
Krajewski, Jr. et al U.S. Patent No. 5,590,199 as applied to claim 13 above, and 
further in view of Gifford U.S. Patent No. 6,049,785. 

As to claim 15, Krajewski does not teach that step (b) comprises receiving a nonce
from the client.

Gifford teaches an identifier that is a nonce.

Therefore, it would have been obvious to a person having ordinary skill in the art 
at the time the invention was made to have modified Krajewski so that a nonce was 
received from the client in step (b). 

It would have been obvious to a person having ordinary skill in the art at the time 
the invention was made to have modified Krajewski by the teaching of Gifford because 
the examiner asserts that a nonce is used to prevent replay attacks. 
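
The ticket lifecycle discussed in these rejections, sketched as an added example (it is not code from this Office action or from any cited patent): steps (b) to (f) of claim 1, with the identifier as a random nonce, redeemed at most once and only inside a time window. `TicketService`, `TicketError`, `FakeClock` and the 30-second window are assumptions made for illustration; encryption of the channel with the session key is left out.

```python
import secrets
import time


class TicketError(Exception):
    """Raised when an identifier cannot be exchanged for a session key."""


class TicketService:
    """Hypothetical ticket service: issues tickets, redeems each identifier once."""

    def __init__(self, ttl_seconds=30.0, clock=time.monotonic):
        self._ttl = ttl_seconds   # assumed redemption window
        self._clock = clock       # injectable so expiry can be exercised
        self._pending = {}        # identifier -> (session_key, issued_at)

    def issue(self):
        """Steps (b)-(c): build a ticket holding an identifier and a session key."""
        identifier = secrets.token_urlsafe(16)   # unpredictable nonce
        session_key = secrets.token_bytes(32)
        self._pending[identifier] = (session_key, self._clock())
        return {"identifier": identifier, "session_key": session_key}

    def redeem(self, identifier):
        """Step (f): give the application server its copy of the session key."""
        # pop() deletes the entry even when it turns out to be stale, so a
        # replayed or expired identifier can never be redeemed afterwards.
        entry = self._pending.pop(identifier, None)
        if entry is None:
            raise TicketError("unknown or already redeemed identifier")
        session_key, issued_at = entry
        if self._clock() - issued_at > self._ttl:
            raise TicketError("identifier expired")
        return session_key


class FakeClock:
    """Constructed clock so the demonstration does not have to sleep."""

    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now


def _attempt(service, identifier):
    """Return 'accepted' or the rejection reason for one redemption attempt."""
    try:
        service.redeem(identifier)
        return "accepted"
    except TicketError as exc:
        return str(exc)


def run_exchange():
    """Walk through a normal exchange, a replay, a late arrival and a guess."""
    clock = FakeClock()
    service = TicketService(ttl_seconds=30.0, clock=clock)
    results = {}

    # Web server obtains the ticket and passes it to the client (steps c, d).
    ticket = service.issue()
    clock.now += 5
    # Client sends only the identifier to the application server (step e),
    # which exchanges it for the session key (step f).
    server_key = service.redeem(ticket["identifier"])
    results["keys_match"] = secrets.compare_digest(server_key, ticket["session_key"])

    # The same identifier presented a second time is refused.
    results["replay"] = _attempt(service, ticket["identifier"])

    # An identifier that arrives after the window is refused and discarded.
    late = service.issue()
    clock.now += 31
    results["late"] = _attempt(service, late["identifier"])
    results["late_retry"] = _attempt(service, late["identifier"])

    # An identifier the service never issued is refused.
    results["guessed"] = _attempt(service, secrets.token_urlsafe(16))
    return results


if __name__ == "__main__":
    for name, outcome in run_exchange().items():
        print(f"{name}: {outcome}")
```
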

11. Claims 28 and 51 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Krajewski, Jr. et al U.S. Patent No. 5,590,199 and Anderson et al U.S. Patent 
No. 6,108,787 as applied to claims 22 and 46 above, and further in view of Johnson et
al U.S. Patent No. 5,560,008. 

As to claims 28 and 51, the Krajewski-Anderson combination does not teach that
the web server validates the identifier when the identifier is received by the web server 
within a predetermined time frame. 

Johnson et al teaches confirming by a server that an identifier is received by the 
web server within a certain time frame relative to a time that the identifier is transmitted 
by a web server to a client [column 10 line 62 to column 11 line 29].

Therefore, it would have been obvious to a person having ordinary skill in the art
at the time the invention was made to have modified the Krajewski-Anderson
combination so that the web server would have validated the identifier when the identifier 
was received by the web server within a certain time frame. 

It would have been obvious to a person having ordinary skill in the art at the time 
the invention was made to have modified the Krajewski-Anderson combination by the
teaching of Johnson et al because the server is not required to store the user information 
longer than needed or desired by the server. This provides for the cases in which the 
authentication for a user is good for a specified length of time, such as a certain number 
of minutes or hours or days. After this predetermined period of time, the server discards 
the credentials structure, and will no longer honor a request containing that credentials 
identifier. This forces the user machine to perform a new request for service, thereby 
inherently enforcing a periodic authentication of remote users in order to ensure that 
there has not been a masquerading of users [column 6, lines 38-49].

12. Claims 42, 63 and 67 are rejected under 35 U.S.C. 103(a) as being unpatentable
over Krajewski, Jr. et al U.S. Patent No. 5,590,199 and Anderson et al U.S. Patent
No. 6,108,787 as applied to claims 12, 37 and 46 above, and further in view of
Baskey et al U.S. Patent No. 6,049,785.

As to claims 42, 63 and 67, the Krajewski-Anderson combination does not teach
that step (b) further comprises using secure socket layer technology to establish the 
secure web communication channel. 

Baskey et al teaches using SSL and its benefits [column 5, lines 17-37].

Therefore, it would have been obvious to a person having ordinary skill in the art
at the time the invention was made to have modified the Krajewski-Anderson 
combination so that step (b) would have further comprised using secure socket layer 
technology to establish the secure web communication channel. 

It would have been obvious to a person having ordinary skill in the art at the time 
the invention was made to have modified the Krajewski-Anderson combination by the 
teaching of Baskey et al because SSL is application protocol independent. A higher-level 
protocol can layer on top of the SSL Protocol transparently. Thus, the SSL protocol 
provides connection security where encryption is used after an initial handshake to define 
a secret key, and where the communication partner's identity can be authenticated using 
asymmetric, or public key, cryptography such as RSA [column 1, lines 30-41].

13. Claims 43 and 60 are rejected under 35 U.S.C. 103(a) as being unpatentable
over Krajewski, Jr. et al U.S. Patent No. 5,590,199 and Anderson et al U.S. Patent
No. 6,108,787 as applied to claims 37 and 46 above, and further in view of Gifford
U.S. Patent No. 6,049,785.

As to claims 43 and 60, the Krajewski-Anderson combination does not teach that the
identifier is a nonce.

Gifford teaches an identifier that is a nonce.

Therefore, it would have been obvious to a person having ordinary skill in the art 
at the time the invention was made to have modified the Krajewski-Anderson 
combination so that the identifier was a nonce. 

It would have been obvious to a person having ordinary skill in the art at the time 
the invention was made to have modified the Krajewski-Anderson combination by the 
teaching of Gifford because the examiner asserts that a nonce is used to prevent replay
attacks.

14. Claims 44, 45, 61, 62, 69 and 70 are rejected under 35 U.S.C. 103(a) as being
unpatentable over Krajewski, Jr. et al U.S. Patent No. 5,590,199 and Anderson et al 
U.S. Patent No. 6,108,787 as applied to claims 12, 37 and 46 above, and further in 
view of Davis U.S. Patent No. 5,818,939. 

As to claims 44, 45, 61, 62, 69 and 70, the Krajewski-Anderson combination does
not teach that the session key is substantially equivalent to a null value. Krajewski does
not teach that the null value is a constant value.

Davis teaches session keys that are equivalent to a null value. Davis teaches that 
the null value is a constant value [column 4 line 57 to column 5 line 12]. 

Therefore, it would have been obvious to a person having ordinary skill in the art 
at the time the invention was made to have modified the Krajewski-Anderson
combination so that the session keys had a null value and the null value was constant.

It would have been obvious to a person having ordinary skill in the art at the time
the invention was made to have modified the Krajewski-Anderson combination by the
teaching of Davis because the examiner asserts by assigning this value to the session key 
this enables the client and server to know if the session key is still valid for 
communication. 

15. Claim 80 is rejected under 35 U.S.C. 103(a) as being unpatentable over 
Krajewski, Jr. et al U.S. Patent No. 5,590,199 as applied to claim 1 above, and 
further in view of Gifford U.S. Patent No. 6,049,785.

As to claim 80, Krajewski does not teach that the identifier is a nonce.

Gifford teaches an identifier that is a nonce.

Therefore, it would have been obvious to a person having ordinary skill in the art 
at the time the invention was made to have modified Krajewski so that the identifier was 
a nonce. 

It would have been obvious to a person having ordinary skill in the art at the time 
the invention was made to have modified Krajewski by the teaching of Gifford because 
the examiner asserts that a nonce is used to prevent replay attacks.

16. Claims 84 and 90 are rejected under 35 U.S.C. 103(a) as being unpatentable
over Krajewski, Jr. et al U.S. Patent No. 5,590,199 as applied to claims 1 and 13
above, and further in view of Anderson et al U.S. Patent No. 6,108,787. 

As to claims 84 and 90, Krajewski does not teach that the remote display protocol 
is the Remote Display Protocol. 

Anderson et al teaches a remote display protocol that is the Remote Display 
Protocol [column 14, lines 5-11].

Therefore, it would have been obvious to a person having ordinary skill in the art 
at the time the invention was made to have modified Krajewski so that the remote display 
protocol would have been the Remote Display Protocol. 

It would have been obvious to a person having ordinary skill in the art at the time 
the invention was made to have modified Krajewski by the teaching of Anderson et al 
because it allows a user in a more classified network to run an application on an 
information processing means (e.g. workstation) in the less classified network while
displaying the results of the session on the information processing means (e.g. 
workstation) in the more classified network [column 14, lines 5-11].

17. Claims 92 and 95 are rejected under 35 U.S.C. 103(a) as being unpatentable
over Krajewski, Jr. et al U.S. Patent No. 5,590,199 and Anderson et al U.S. Patent 
No. 6,108,787 as applied to claims 37 and 46 above, and further in view of Anderson 
et al U.S. Patent No. 6,108,787. 

As to claims 92 and 95, the Krajewski-Anderson combination does not teach that
the remote display protocol is the Remote Display Protocol. 

Anderson et al teaches a remote display protocol that is the Remote Display 
Protocol [column 14, lines 5-11]. 

Therefore, it would have been obvious to a person having ordinary skill in the art 
at the time the invention was made to have modified the Krajewski-Anderson 
combination so that the remote display protocol would have been the Remote Display 
Protocol. 

It would have been obvious to a person having ordinary skill in the art at the time 
the invention was made to have modified the Krajewski-Anderson combination by the 
teaching of Anderson et al because it allows a user in a more classified network to run an 
application on an information processing means (e.g. workstation) in the less classified
network while displaying the results of the session on the information processing means 
(e.g. workstation) in the more classified network [column 14, lines 5-11]. 

Allowable Subject Matter 

18. Claims 18, 41, 59, 66, 77, 81, 83, 86, 89, 91 and 94 are objected to as being 
dependent upon a rejected base claim, but would be allowable if rewritten in 
independent form including all of the limitations of the base claim and any 
intervening claims.

As to claims 18, 41, 59, 66, 77 and 81, prior art does not disclose or fairly
suggest that the identifier is an application server certificate.

As to claims 83, 86, 89, 91 and 94, prior art does not disclose or fairly suggest
that the remote display protocol is the Independent Computing Architecture protocol. 

Conclusion 

19. Applicant's amendment necessitated the new ground(s) of rejection presented in 
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP 
§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 
CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the
advisory action. In no event, however, will the statutory period for reply expire later than
SIX MONTHS from the date of this final action.

Any inquiry concerning this communication or earlier communications from the
examiner should be directed to Aravind K Moorthy whose telephone number is 703-305- 
1373. The examiner can normally be reached on Monday-Friday, 8:00-5:30. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz R Sheikh can be reached on 703-305-9648. The fax phone number for 
the organization where this application or proceeding is assigned is 703-872-9306.

Information regarding the status of an application may be obtained from the
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. Status 
information for unpublished applications is available through Private PAIR only. For 
more information about the PAIR system, see http://pair-direct.uspto.gov. Should you 
have questions on access to the Private PAIR system, contact the Electronic Business 
Center (EBC) at 866-217-9197 (toll-free). 

AYAZ SHEIKH 
SUPERVISORY PATENT EXAMINER 
TECHNOLOGY CENTER 2100 



Aravind K Moorthy 
July 22, 2004 



